Posted 21 January 2014 - 05:00 PM

sincity

Advanced Member

Members

2418 posts

63Getting Better

To maintain relevance in a landscape where most workers are mobile, Data Loss Prevention technology must move from the server to the endpoint. If you are unable to monitor data movement because a device is off the network, then you put corporate data at a greater risk.

Key Considerations

Invest in DLP technology that extends to the endpoint. Without it, you will only be able to secure a small subset of data stored on devices that are never off the network

Know your users. Qualify user access to data based on their role within the company and investigate if someone is accessing data that is outside of their authority. Hopefully your DLP solution integrates well with Active Directory so that this organisational infrastructure can be easily imported

Know your data. Work with senior management, HR, legal, and any other stakeholders to determine the types of data that must be secured

Quantify the risk. Once the different categories of data have been identified, rank each group based on sensitivity and potential impact to the organisation

Design appropriate security protocols. Some categories of data may require a cautionary approach from IT while other types of data may need to be locked down completely. Build a protocol that applies an appropriate response based on the significance of the data

Regulatory compliance. With the above criteria in place, you should be able to respond immediately (and appropriately) to any data security incident that may arise relative to data movement. It's important to record the response and the ultimate result to prove your compliance with corporate and government regulations

Stephen Midgley oversees all aspects of global marketing and product management at Absolute Software including corporate communications, product marketing, demand generation, and the company's presence on the web.